CN116506166A - Vehicle-mounted equipment authentication method, device, system, vehicle and readable storage medium


Info

Publication number: CN116506166A
Application number: CN202310412087.2A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 曾涛, 汪向阳, 何文, 谭成宇
Current Assignee: Chongqing Changan Automobile Co Ltd
Original Assignee: Chongqing Changan Automobile Co Ltd
Prior art keywords: vehicle, authentication, message, server, mounted equipment

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The application discloses a vehicle-mounted device authentication method, apparatus, system, vehicle and readable storage medium, and relates to the technical field of vehicles, so as to achieve communication security among vehicle-mounted devices. The method is applied to a server and comprises the following steps: sending a first random number to the vehicle-mounted device upon receiving a first authentication request message sent by the vehicle-mounted device; receiving an authentication message sent by the vehicle-mounted device, where the authentication message comprises a vehicle-mounted device identifier, a second random number and a first message authentication code, and the first message authentication code is obtained by the vehicle-mounted device processing the vehicle-mounted device identifier and the first random number with a preset algorithm; when it is determined that the vehicle-mounted device passes authentication, processing the server identifier and the second random number with a preset algorithm to obtain a second message authentication code, and sending a second authentication request message to the vehicle-mounted device, where the second authentication request message comprises the second message authentication code and the server identifier; and receiving a long connection request sent by the vehicle-mounted device.

Description

Vehicle-mounted equipment authentication method, device, system, vehicle and readable storage medium
Technical Field
The invention relates to the technical field of vehicles, in particular to a vehicle-mounted equipment authentication method, device and system, a vehicle and a readable storage medium.
Background
As vehicles become more intelligent, the volume of vehicle electronic software development has increased markedly, which poses a great challenge to the electrical and electronic architecture of the vehicle. The security of vehicle-mounted devices, as important electrical components of the vehicle platform, is therefore particularly important.
Because a vehicle contains many vehicle-mounted devices, communication security among them is difficult to ensure. If a vehicle-mounted device is replaced, or the backend of a vehicle-mounted device is intruded upon, vehicle data may be leaked and even the safety of the vehicle may be affected. How to ensure communication security between vehicle-mounted devices is therefore a technical problem to be solved.
Disclosure of Invention
The invention aims to provide a vehicle-mounted equipment authentication method, device, system, vehicle and readable storage medium, so as to realize safety control of an external power supply interface and an internal power supply interface.
According to a first aspect of the present application, there is provided a vehicle-mounted device authentication method, applied to a server, the method including: sending a first random number to the vehicle-mounted device upon receiving a first authentication request message sent by the vehicle-mounted device, where the first authentication request message is used to request the server to authenticate the vehicle-mounted device; receiving an authentication message sent by the vehicle-mounted device, where the authentication message comprises a vehicle-mounted device identifier, a second random number and a first message authentication code (message authentication code, MAC), and the first message authentication code is obtained by processing the vehicle-mounted device identifier and the first random number with a preset algorithm; when it is determined that the vehicle-mounted device passes authentication, processing the server identifier and the second random number with a preset algorithm to obtain a second message authentication code, and sending a second authentication request message to the vehicle-mounted device, where the second authentication request message comprises the second message authentication code and the server identifier and is used to request the vehicle-mounted device to authenticate the server; and receiving a long connection request sent by the vehicle-mounted device, where the long connection request is sent when authentication of the server passes and is used to request establishment of a long connection with the server.
According to the above technical means, when a first authentication request message sent by the vehicle-mounted device is received, a first random number is sent to the vehicle-mounted device, and an authentication message sent by the vehicle-mounted device is received; the authentication message comprises a vehicle-mounted device identifier, a second random number and a first message authentication code, where the first message authentication code is obtained by the vehicle-mounted device processing the vehicle-mounted device identifier and the first random number with a preset algorithm. In this way, by sending the first random number to the vehicle-mounted device, a first message authentication code specific to that random number can be received. Further, when it is determined that the vehicle-mounted device passes authentication, the server identifier and the second random number are processed with a preset algorithm to obtain a second message authentication code, and a second authentication request message comprising the second message authentication code and the server identifier is sent to the vehicle-mounted device to request the vehicle-mounted device to authenticate the server. The vehicle-mounted device and the server can therefore authenticate each other, which improves the reliability of authentication. Further, a long connection request sent by the vehicle-mounted device is received; the long connection request is sent when authentication of the server passes and is used to request establishment of a long connection with the server. That is, the long connection is established only when the mutual authentication passes, so that communication security between vehicle-mounted devices can be improved.
Further, the method comprises the following steps: processing the vehicle-mounted equipment identifier and the first random number by using a preset algorithm to obtain a third message authentication code; and if the first message authentication code and the third message authentication code are the same, determining that the vehicle-mounted equipment passes authentication.
According to the technical means, the vehicle-mounted equipment identifier and the first random number can be processed through a preset algorithm to obtain the third message authentication code, and whether the vehicle-mounted equipment authentication passes or not is determined by comparing the third message authentication code with the first message authentication code. Thus, illegal intrusion of vehicle-mounted equipment can be avoided.
Further, the method comprises the following steps: and within a preset time period after the long connection request is sent by the vehicle-mounted equipment, if the transmission message is not received through the long connection, the long connection is disconnected.
According to the above technical means, the long connection can be disconnected if no transmission message is received over the long connection within the preset duration after the long connection request. This avoids the situation in which the server and the vehicle-mounted device exchange no transmission messages for a long time yet remain in the long connection state if the vehicle-mounted device is intruded upon, so that communication security between vehicle-mounted devices is improved and network resource consumption can be reduced.
Further, if it is determined that the vehicle-mounted device authentication is not passed, an alarm message is sent to the vehicle-mounted device, wherein the alarm message is used for indicating the vehicle-mounted device to perform authentication again.
According to the above technical means, when it is determined that the vehicle-mounted device fails authentication, an alarm message is sent to the vehicle-mounted device to instruct it to authenticate again. This avoids authentication failures caused by anomalies in the vehicle-mounted device's authentication process and further ensures the reliability of the authentication process.
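The exchange described in the first aspect above, carried through as a runnable sketch covering the MAC check, the alarm on failure and the long-connection timeout. This is an added example, not code from the patent: it assumes the "preset algorithm" is HMAC-SHA256 under a per-device key provisioned on both sides (the text names neither an algorithm nor a key), and all class, field and session names are illustrative.

```python
import hashlib
import hmac
import secrets
import time

NONCE_LEN = 16  # bytes; assumed size, the patent does not fix one
ALARM = {"type": "alarm", "action": "re-authenticate"}


def mac(key: bytes, identity: bytes, nonce: bytes) -> bytes:
    """Assumed 'preset algorithm': HMAC-SHA256 over length-prefixed id + nonce."""
    msg = len(identity).to_bytes(2, "big") + identity + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class Device:
    def __init__(self, device_id: bytes, key: bytes):
        self.device_id, self.key, self.nonce2 = device_id, key, None

    def build_auth_message(self, nonce1: bytes) -> dict:
        # Authentication message: device identifier, second random number, first MAC.
        self.nonce2 = secrets.token_bytes(NONCE_LEN)
        return {"device_id": self.device_id, "nonce2": self.nonce2,
                "mac1": mac(self.key, self.device_id, nonce1)}

    def handle_second_auth_request(self, req: dict):
        # Authenticate the server: recompute the MAC over (server id, nonce2).
        if self.nonce2 is None:
            return None
        expected = mac(self.key, req["server_id"], self.nonce2)
        self.nonce2 = None  # each challenge is answered at most once
        if not hmac.compare_digest(expected, req["mac2"]):
            return None
        return {"type": "long_connection_request", "device_id": self.device_id}


class Server:
    def __init__(self, server_id, keys, idle_timeout=30.0, clock=time.monotonic):
        self.server_id, self.keys = server_id, keys
        self.idle_timeout, self.clock = idle_timeout, clock
        self.pending = {}      # session -> outstanding first random number
        self.verified = set()  # (session, device_id) pairs whose MAC checked out
        self.last_seen = {}    # device_id -> time of last traffic on the long connection

    def handle_first_auth_request(self, session) -> bytes:
        self.pending[session] = secrets.token_bytes(NONCE_LEN)
        return self.pending[session]

    def handle_auth_message(self, session, msg: dict) -> dict:
        nonce1 = self.pending.pop(session, None)  # one-shot: a replay finds no challenge
        key = self.keys.get(msg["device_id"])
        if nonce1 is None or key is None:
            return ALARM
        mac3 = mac(key, msg["device_id"], nonce1)       # the "third" MAC of the text
        if not hmac.compare_digest(mac3, msg["mac1"]):  # constant-time comparison
            return ALARM
        self.verified.add((session, msg["device_id"]))
        return {"type": "second_auth_request", "server_id": self.server_id,
                "mac2": mac(key, self.server_id, msg["nonce2"])}

    def handle_long_connection_request(self, session, req: dict) -> bool:
        # Tying the request to the verified session is an added assumption.
        if (session, req["device_id"]) not in self.verified:
            return False
        self.verified.discard((session, req["device_id"]))
        self.last_seen[req["device_id"]] = self.clock()
        return True

    def on_transmission_message(self, device_id: bytes) -> None:
        if device_id in self.last_seen:
            self.last_seen[device_id] = self.clock()

    def reap_idle(self) -> list:
        # Disconnect when nothing arrived within the preset duration, measured from
        # the request or from the last message (the latter is a generalisation).
        now = self.clock()
        idle = [d for d, t in self.last_seen.items() if now - t >= self.idle_timeout]
        for d in idle:
            del self.last_seen[d]
        return idle


def handshake(server: Server, device: Device, session="s1") -> bool:
    nonce1 = server.handle_first_auth_request(session)
    reply = server.handle_auth_message(session, device.build_auth_message(nonce1))
    if reply["type"] == "alarm":
        return False
    req = device.handle_second_auth_request(reply)
    return req is not None and server.handle_long_connection_request(session, req)
```

Because each MAC covers the sender's own identifier, a code computed by one side cannot be returned to it as the other side's proof, provided device and server identifiers are distinct.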
In a second aspect, there is provided a vehicle-mounted device authentication apparatus applied to a server, the apparatus including a sending unit, a receiving unit and a processing unit. The sending unit is configured to send a first random number to the vehicle-mounted device upon receiving a first authentication request message sent by the vehicle-mounted device, where the first authentication request message is used to request the server to authenticate the vehicle-mounted device. The receiving unit is configured to receive the authentication message sent by the vehicle-mounted device, where the authentication message comprises a vehicle-mounted device identifier, a second random number and a first message authentication code, and the first message authentication code is obtained by the vehicle-mounted device processing the vehicle-mounted device identifier and the first random number with a preset algorithm. The processing unit is configured to process the server identifier and the second random number with a preset algorithm, when it is determined that the vehicle-mounted device passes authentication, to obtain a second message authentication code. The sending unit is further configured to send a second authentication request message to the vehicle-mounted device, where the second authentication request message comprises the second message authentication code and the server identifier and is used to request the vehicle-mounted device to authenticate the server. The processing unit is further configured to receive a long connection request sent by the vehicle-mounted device, where the long connection request is sent when authentication of the server passes and is used to request establishment of a long connection with the server.
Further, the apparatus further comprises a determining unit; the processing unit is further used for processing the vehicle-mounted equipment identifier and the first random number by using a preset algorithm to obtain a third message authentication code; and a determining unit configured to determine that the vehicle-mounted device passes authentication in a case where the first message authentication code and the third message authentication code are the same.
Further, the processing unit is further configured to disconnect the long connection if the transmission packet is not received through the long connection within a preset duration after the long connection request is sent through the vehicle-mounted device.
Further, the sending unit is further configured to send an alarm message to the vehicle-mounted device when it is determined that the vehicle-mounted device is not authenticated, where the alarm message is used to instruct the vehicle-mounted device to re-authenticate.
In a third aspect, there is provided an in-vehicle apparatus authentication system including a server; the server is adapted to perform the method as in the first aspect or any of the possible designs of the first aspect.
In a fourth aspect, there is provided a vehicle-mounted device authentication apparatus including: a processor; and a memory for storing processor-executable instructions; where the processor is configured to execute the instructions to implement the functions performed in the first aspect or any of the possible designs of the first aspect.
In a fifth aspect, there is provided a vehicle including the in-vehicle apparatus authentication system as provided in the third aspect.
In a sixth aspect, there is provided an in-vehicle apparatus authentication apparatus that can realize the functions performed by the in-vehicle apparatus authentication apparatus in the above aspects or in each possible design, the functions being realized by hardware, such as: in one possible design, the vehicle-mounted device authentication apparatus may include: a processor and a communication interface, the processor may be configured to support the in-vehicle device authentication apparatus to implement the functions involved in the first aspect or any of the possible designs of the first aspect.
In yet another possible design, the in-vehicle device authentication apparatus may further include a memory for holding computer-executable instructions and data necessary for the in-vehicle device authentication apparatus. The processor executes the computer-executable instructions stored by the memory when the in-vehicle device authentication apparatus is operated, to cause the in-vehicle device authentication apparatus to perform any one of the possible in-vehicle device authentication methods of the first aspect or the first aspect.
In a seventh aspect, a computer readable storage medium is provided, which may be a readable non-volatile storage medium, the computer readable storage medium storing computer instructions or a program which, when run on a computer, cause the computer to perform the above first aspect or any one of the possible on-vehicle device authentication methods of the above aspects.
In an eighth aspect, there is provided a computer program product containing instructions which, when run on a computer, enable the computer to perform the vehicle-mounted device authentication method of the first aspect or any one of the possible designs of the aspects.
The invention has the beneficial effects that:
(1) When a first authentication request message sent by the vehicle-mounted device is received, a first random number is sent to the vehicle-mounted device, and an authentication message sent by the vehicle-mounted device is received; the authentication message comprises a vehicle-mounted device identifier, a second random number and a first message authentication code, where the first message authentication code is obtained by the vehicle-mounted device processing the vehicle-mounted device identifier and the first random number with a preset algorithm. In this way, by sending the first random number to the vehicle-mounted device, a first message authentication code specific to that random number can be received. Further, when it is determined that the vehicle-mounted device passes authentication, the server identifier and the second random number are processed with a preset algorithm to obtain a second message authentication code, and a second authentication request message comprising the second message authentication code and the server identifier is sent to the vehicle-mounted device to request the vehicle-mounted device to authenticate the server. The vehicle-mounted device and the server can therefore authenticate each other, which improves the reliability of authentication. Further, a long connection request sent by the vehicle-mounted device is received; the long connection request is sent when authentication of the server passes and is used to request establishment of a long connection with the server. That is, the long connection is established only when the mutual authentication passes, so that communication security between vehicle-mounted devices can be improved.
(2) The vehicle-mounted equipment identifier and the first random number can be processed through a preset algorithm to obtain a third message authentication code, and whether the vehicle-mounted equipment authentication passes or not is determined by comparing the third message authentication code with the first message authentication code. Thus, illegal intrusion of vehicle-mounted equipment can be avoided.
(3) The long connection can be disconnected if no transmission message is received over the long connection within the preset duration after the long connection request. This avoids the situation in which the server and the vehicle-mounted device exchange no transmission messages for a long time yet remain in the long connection state if the vehicle-mounted device is intruded upon, so that communication security between vehicle-mounted devices is improved and network resource consumption can be reduced.
(4) When it is determined that the vehicle-mounted device fails authentication, an alarm message is sent to the vehicle-mounted device to instruct it to authenticate again. This avoids authentication failures caused by anomalies in the vehicle-mounted device's authentication process and further ensures the reliability of the authentication process.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application and do not constitute an undue limitation on the application.
Fig. 1 is a schematic structural diagram of an authentication system for a vehicle-mounted device according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of another vehicle-mounted device authentication system according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an authentication device for a vehicle-mounted device according to an embodiment of the present application;
Fig. 4 is a schematic flow chart of an authentication method of a vehicle-mounted device according to an embodiment of the present application;
Fig. 5 is a flowchart of another vehicle-mounted device authentication method according to an embodiment of the present application;
Fig. 6 is a flowchart of another vehicle-mounted device authentication method according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of still another vehicle-mounted device authentication apparatus according to an embodiment of the present application.
Detailed Description
In order to enable those skilled in the art to better understand the technical solutions of the present disclosure, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the disclosure described herein may be capable of operation in sequences other than those illustrated or described herein. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with aspects of embodiments of the present application as detailed in the accompanying claims.
It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, and/or components.
It should be noted that the illustrations provided in the following embodiments merely illustrate the basic concept of the present invention by way of illustration, and only the components related to the present invention are shown in the drawings and are not drawn according to the number, shape and size of the components in actual implementation, and the form, number and proportion of the components in actual implementation may be arbitrarily changed, and the layout of the components may be more complicated.
As vehicles become more intelligent, the volume of vehicle electronic software development has increased markedly, which poses a great challenge to the electrical and electronic architecture of the vehicle. The security of vehicle-mounted devices, as important electrical components of the vehicle platform, is therefore particularly important.
To determine the security of vehicle-mounted devices, an Internet-of-Vehicles security authentication scheme based on blockchain technology can help a vehicle or an on-board unit (On-Board Unit, OBU) device complete network access authentication, and illegal vehicle access is avoided through secure network access authentication and interactive authentication. However, that method authenticates the vehicle externally and cannot ensure the authenticity and legitimacy of the electronic devices inside the vehicle; moreover, the chip performance of in-vehicle electronic devices can hardly support a complex authentication process.
Because a vehicle contains many vehicle-mounted devices, communication security among them is difficult to ensure. If a vehicle-mounted device is replaced, or the backend of a vehicle-mounted device is intruded upon, vehicle data may be leaked and even the safety of the vehicle may be affected. How to ensure communication security between vehicle-mounted devices is therefore a technical problem to be solved.
In view of this, an embodiment of the present application provides a vehicle-mounted device authentication method, applied to a server, including: sending a first random number to the vehicle-mounted device upon receiving a first authentication request message sent by the vehicle-mounted device, where the first authentication request message is used to request the server to authenticate the vehicle-mounted device; receiving an authentication message sent by the vehicle-mounted device, where the authentication message comprises a vehicle-mounted device identifier, a second random number and a first message authentication code, and the first message authentication code is obtained by the vehicle-mounted device processing the vehicle-mounted device identifier and the first random number with a preset algorithm; when it is determined that the vehicle-mounted device passes authentication, processing the server identifier and the second random number with a preset algorithm to obtain a second message authentication code, and sending a second authentication request message to the vehicle-mounted device, where the second authentication request message comprises the second message authentication code and the server identifier and is used to request the vehicle-mounted device to authenticate the server; and receiving a long connection request sent by the vehicle-mounted device, where the long connection request is sent when authentication of the server passes and is used to request establishment of a long connection with the server.
The method provided in the embodiments of the present application will be described in detail below with reference to the accompanying drawings.
It should be noted that, the vehicle-mounted device authentication system described in the embodiments of the present application is for more clearly describing the technical solution of the embodiments of the present application, and does not constitute a limitation on the technical solution provided in the embodiments of the present application, and those skilled in the art can know that, with the evolution of the vehicle-mounted device authentication system and the appearance of other vehicle-mounted device authentication systems, the technical solution provided in the embodiments of the present application is equally applicable to similar technical problems.
The vehicle-mounted equipment authentication system provided by the embodiment of the application can be applied to a vehicle. The vehicle may be any type of vehicle. For example, the vehicle may be a fuel vehicle, a hybrid vehicle, a new energy vehicle, etc., and the embodiments of the present application do not limit the specific technology, the specific number, and the specific equipment configuration adopted by the vehicle.
Fig. 1 is a schematic diagram of a composition of an in-vehicle device authentication system 10 according to an embodiment of the present application, and as shown in fig. 1, the in-vehicle device authentication system 10 may include a server 11 and an in-vehicle device 12.
Wherein the server 11 is connected to the in-vehicle apparatus 12. For example, the server 11 and the in-vehicle device 12 may be connected wirelessly or by a wired connection, which is not limited in the embodiment of the present invention.
The server 11 may be a central gateway, a computer, or the like. The server may be a single server, or may be a server cluster formed by a plurality of servers. In some implementations, the server cluster may also be a distributed cluster. The embodiment of the present application does not limit the specific technology, the specific number, and the specific device configuration adopted by the server 11.
The vehicle-mounted device 12 is provided inside the vehicle and may be any electronic device having a data processing function. For example, the vehicle-mounted device 12 may be a remote communication terminal (Tbox).
For example, as shown in Fig. 2, in the case where the server 11 is a central gateway and the vehicle-mounted device 12 is a Tbox, the central gateway and the Tbox may be connected to each other via a controller area network bus (Controller Area Network, CAN) or an Ethernet fiber interface card (Fiber Ethernet Adapter, eth0).
The central gateway may be connected to a plurality of vehicle-mounted device domains, which may include a body domain, a cabin domain, a driving domain, a whole-vehicle domain, and a diagnostic port, each of which may include one or more electronic control units (Electronic Control Unit, ECU). The connection between the central gateway and the vehicle-mounted device domains can be configured as required. For example, the central gateway may be connected to the body domain and the whole-vehicle domain via CAN, to the cabin domain via CAN or eth1, to the driving domain via eth2, and to the diagnostic port via CAN or eth3.
It should be noted that fig. 1 and fig. 2 are only exemplary frame diagrams, and names of the respective modules included in fig. 1 and fig. 2 are not limited, and other modules may be included in addition to the functional modules shown in fig. 2, which is not limited in this embodiment of the present application.
In particular implementations, the apparatus of fig. 1 and 2 may employ the constituent structure shown in fig. 3 or include the components shown in fig. 1 and 2. Fig. 3 is a schematic structural diagram of an in-vehicle device authentication apparatus 200 according to an embodiment of the present application, where the in-vehicle device authentication apparatus 200 may be a server in an in-vehicle device authentication system, or the in-vehicle device authentication apparatus 200 may be a chip or a system on a chip in the server. As shown in fig. 3, the in-vehicle apparatus authentication device 200 includes a processor 201, a communication interface 202, and a communication line 203.
Further, the in-vehicle apparatus authentication device 200 may further include a memory 204. The processor 201, the memory 204, and the communication interface 202 may be connected by a communication line 203.
The processor 201 is a CPU, a general-purpose processor, a network processor (NP), a digital signal processor (DSP), a microprocessor, a microcontroller, a programmable logic device (PLD), or any combination thereof. The processor 201 may also be another device with processing functions, such as, without limitation, a circuit, a device, or a software module.
Communication interface 202 is used to communicate with other devices or other communication networks. The communication interface 202 may be a module, a circuit, a communication interface, or any device capable of enabling communication.
A communication line 203 for transmitting information between the respective components included in the in-vehicle apparatus authentication device 200.
Memory 204 for storing instructions executable by processor 201. Wherein the instructions may be computer programs.
The memory 204 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device capable of storing static information and/or instructions, a random access memory (random access memory, RAM) or other type of dynamic storage device capable of storing information and/or instructions, an EEPROM, a CD-ROM (compact disc read-only memory) or other optical disk storage, an optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), a magnetic disk storage medium or other magnetic storage device, etc.
It should be noted that the memory 204 may exist separately from the processor 201 or may be integrated with the processor 201. Memory 204 may be used to store instructions or program code or some data, etc. The memory 204 may be located inside the in-vehicle device authentication apparatus 200 or outside the in-vehicle device authentication apparatus 200, without limitation. The processor 201 is configured to execute the instructions stored in the memory 204, so as to implement the vehicle-mounted device authentication method provided in the following embodiments of the present application.
In one example, processor 201 may include one or more CPUs, such as CPU0 and CPU1 in fig. 3.
As an alternative implementation, the in-vehicle device authentication apparatus 200 includes a plurality of processors, for example, a processor 205 may be included in addition to the processor 201 in fig. 3.
It should be noted that the constituent structures shown in fig. 3 do not constitute limitations of the respective apparatuses in fig. 1 and 2, and that the respective apparatuses in fig. 1 and 2 may include more or less components than those shown in fig. 3, or may combine some components, or may be arranged differently, in addition to those shown in fig. 3.
In the embodiment of the application, the chip system may be formed by a chip, and may also include a chip and other discrete devices.
Further, actions, terms, etc. referred to between embodiments of the present application may be referred to each other without limitation. In the embodiment of the present application, the name of the message or the name of the parameter in the message, etc. interacted between the devices are only an example, and other names may also be adopted in the specific implementation, and are not limited.
The following describes a vehicle-mounted device authentication method provided in the embodiment of the present application with reference to the vehicle-mounted device authentication systems shown in fig. 1 and 2.
The embodiment of the present application is illustrated by taking application to a server as an example, as shown in fig. 4, the method includes the following steps S301 to S304:
S301, when receiving a first authentication request message sent by the vehicle-mounted device, the server sends a first random number to the vehicle-mounted device.
The first authentication request message is used for requesting the server to authenticate the vehicle-mounted equipment. The first random number may be a number, a letter, or a combination of numbers and letters, for example, may be 1, a, 1a, etc.
As a possible implementation manner, the server may monitor the message sent by the vehicle-mounted device in real time, so as to receive the first authentication request message. For example, the first authentication request message sent by the in-vehicle apparatus may enter Kafka. The server monitors the message of Kafka, and when a new first authentication request message is entered in Kafka, the server acquires the first authentication request message from Kafka.
Similarly, the server may send the first random number to the in-vehicle device via Kafka.
As yet another possible implementation manner, the server may receive, through the control bus, a first authentication request message sent by the vehicle-mounted device, and send, through Kafka, a first random number to the vehicle-mounted device. For example, the control bus may be CAN, eth0, eth1, eth2, eth3, and the like.
In practical applications, the first authentication request message may be ClientHello. In addition to sending the first random number to the vehicle-mounted device, the server may also send a response message to the first authentication request message, for example, ServerHello.
S302, the server receives an authentication message sent by the vehicle-mounted equipment.
The authentication message includes a vehicle-mounted device identifier, a second random number and a first message authentication code, where the first message authentication code is obtained by processing the vehicle-mounted device identifier (for example, ID1) and the first random number (for example, rand) by the vehicle-mounted device using a preset algorithm. The preset algorithm may be an AES-CMAC algorithm, and the first message authentication code may be S = AES-CMAC(ID1 || rand, k).
As a possible implementation manner, the vehicle-mounted device may process the first random number and the vehicle-mounted device identifier by using a preset algorithm to obtain a first message authentication code, generate a second random number (for example, may be rand1), further obtain an authentication message by compressing and packaging the first message authentication code, the second random number and the vehicle-mounted device identifier, and send the authentication message to the server. Correspondingly, the server receives an authentication message sent by the vehicle-mounted device.
S303, when the server determines that the vehicle-mounted device passes authentication, the server processes the server identifier and the second random number with the preset algorithm to obtain a second message authentication code, and sends a second authentication request message to the vehicle-mounted device.
The second authentication request message includes the second message authentication code (for example, S1 = AES-CMAC(ID2 || rand1, k)) and the server identifier (for example, ID2); the second authentication request message is used for requesting the vehicle-mounted device to authenticate the server.
As a possible implementation manner, the server may determine whether the vehicle-mounted device passes authentication according to the first message authentication code. After obtaining the second message authentication code, the server sends the second authentication request message to the vehicle-mounted device over the control bus.
For example, in the case where the first message authentication code is the correct message authentication code, the server determines that the vehicle-mounted device passes authentication. In the case where the first message authentication code is an incorrect message authentication code, the server determines that the vehicle-mounted device does not pass authentication.
S304, the server receives the long connection request sent by the vehicle-mounted equipment.
The long connection request is sent by the vehicle-mounted device in the case where the server passes authentication, and is used for requesting to establish a long connection with the server. For example, the type of long connection may be a transport layer security protocol (Transport Layer Security, TLS) long link.
As a possible implementation manner, after receiving the second authentication request message, the vehicle-mounted device may process the server identifier and the second random number with the preset algorithm to obtain a fourth message authentication code (for example, S1' = AES-CMAC(ID2 || rand || rand1, k)). In the case where the fourth message authentication code is the same as the second message authentication code, the vehicle-mounted device determines that the server passes authentication and then initiates a long connection request to the server. Correspondingly, the server receives the long connection request sent by the vehicle-mounted device.
Based on the technical solution provided by the present application, when a first authentication request message sent by the vehicle-mounted device is received, a first random number is sent to the vehicle-mounted device, and an authentication message sent by the vehicle-mounted device is then received. The authentication message includes a vehicle-mounted device identifier, a second random number and a first message authentication code, where the first message authentication code is obtained by the vehicle-mounted device processing the vehicle-mounted device identifier and the first random number with a preset algorithm. In this way, by sending the first random number to the vehicle-mounted device, the specific first message authentication code can be received. Further, in the case where the vehicle-mounted device passes authentication, the server identifier and the second random number are processed with the preset algorithm to obtain a second message authentication code, and a second authentication request message is sent to the vehicle-mounted device; the second authentication request message includes the second message authentication code and the server identifier, and is used for requesting the vehicle-mounted device to authenticate the server. Therefore, the vehicle-mounted device and the server can perform bidirectional authentication, which improves the reliability of authentication. Further, the long connection request sent by the vehicle-mounted device is received; the long connection request is sent by the vehicle-mounted device in the case where the server passes authentication, and is used for requesting to establish a long connection with the server. That is, the long connection is established in the case where the bidirectional authentication passes, so that the communication security between the in-vehicle devices can be improved.
In some embodiments, as shown in fig. 5, in order to determine whether the vehicle-mounted device authentication passes, the vehicle-mounted device authentication method of the present application may further include S401 to S402 described below.
S401, the server processes the vehicle-mounted equipment identifier and the first random number by using a preset algorithm to obtain a third message authentication code.
The flap signal is used for indicating whether a flap of the external power supply interface is in a closed state or not.
As a possible implementation manner, the server may input the vehicle-mounted device identifier and the first random number into a preset algorithm, so as to obtain the third message authentication code. For example, the third message authentication code may be S' = AES-CMAC(ID1 || rand, k).
S402, if the first message authentication code is the same as the third message authentication code, the server determines that the vehicle-mounted equipment passes authentication.
In one example, in the case where the first message authentication code is S = AES-CMAC(ID1 || rand, k) and the third message authentication code is S' = AES-CMAC(ID1 || rand, k), if S = S', the server determines that the vehicle-mounted device authentication passes.
According to the technical means, the vehicle-mounted equipment identifier and the first random number can be processed through a preset algorithm to obtain the third message authentication code, and whether the vehicle-mounted equipment authentication passes or not is determined by comparing the third message authentication code with the first message authentication code. Thus, illegal intrusion of vehicle-mounted equipment can be avoided.
In one possible embodiment, in order to ensure the communication security between the vehicle-mounted devices, the vehicle-mounted device authentication method of the present application may further include the following S501.
S501, the server disconnects the long connection if no transmission message is received through the long connection within a preset time period after the long connection request sent by the vehicle-mounted device is received.
The preset time length can be set according to requirements. For example, the time may be 5 minutes or 10 minutes.
As a possible implementation manner, the server may start timing after receiving the long connection request sent by the vehicle-mounted device, and close the authentication connection at the authentication port after the timing reaches the preset duration, so as to disconnect the long connection.
According to the technical means, the long connection can be disconnected if no transmission message is received through the long connection within the preset duration after the long connection request is received. This avoids the situation in which the server and the vehicle-mounted device exchange no transmission messages for a long time yet remain in a long connection state after the vehicle-mounted device has been intruded upon, so that the communication security between the vehicle-mounted devices is improved and network resource consumption can be reduced.
In one possible embodiment, in order to avoid abnormality in the vehicle-mounted device authentication process, the vehicle-mounted device authentication method of the present application may further include S601 described below.
S601, the server sends an alarm message to the vehicle-mounted equipment when determining that the vehicle-mounted equipment authentication is not passed.
The alarm message is used for instructing the vehicle-mounted device to perform authentication again.
As a possible implementation manner, the server may determine that the vehicle-mounted device authentication is not passed in the case that the first message authentication code and the third message authentication code are different, and send an alarm message to the vehicle-mounted device through the control bus.
Further, after receiving the alarm message, the vehicle-mounted device may resend the first authentication request message to the server to perform authentication again.
In some embodiments, the server may further set a threshold of the number of times of failed authentication, and determine that the vehicle-mounted device is an illegal vehicle-mounted device if the number of times of failed authentication of the vehicle-mounted device is greater than the threshold of the number of times of failed authentication.
Wherein the threshold of the number of failed times can be set according to the requirement. For example, it may be 3 times.
Correspondingly, the vehicle-mounted device can also set a threshold of the number of failed authentications, and determine that the server is an illegal server in the case where the number of times the server fails authentication is greater than the threshold.
It can be understood that by sending an alarm message to the vehicle-mounted device to instruct the vehicle-mounted device to re-authenticate under the condition that the vehicle-mounted device authentication is determined to be failed, the failure of the authentication caused by the abnormality of the vehicle-mounted device authentication process can be avoided, and the reliability of the authentication process is further ensured.
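The exchange of S301-S304, the server-side check of S401-S402 and the failure handling of S601, written out as an added Go example that is not code from the patent; AES-CMAC is built per RFC 4493 on the standard library's AES. Type and function names, 16-byte random numbers, byte-string identifiers, the single-use random number and the constant-time comparison are assumptions of this example, and the MAC inputs follow the text (ID1 || rand for the device, ID2 || rand1 for the server).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

const maxFailures = 3 // failure threshold; 3 is the example value in the text
var errAlarm = errors.New("authentication failed: alarm message, authenticate again") // S601
var errIllegal = fmt.Errorf("more than %d failed attempts: illegal device", maxFailures)

// dbl doubles a 128-bit value in GF(2^128); RFC 4493 derives subkeys K1 and K2 this way.
func dbl(in []byte) []byte {
	out := make([]byte, 16)
	for i := 0; i < 15; i++ {
		out[i] = in[i]<<1 | in[i+1]>>7
	}
	out[15] = in[15]<<1 ^ 0x87*(in[0]>>7)
	return out
}

// aesCMAC computes AES-CMAC (RFC 4493) of msg; it panics on an invalid key length.
func aesCMAC(key, msg []byte) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	sub := make([]byte, 16)
	blk.Encrypt(sub, sub) // L = AES_k(0^128)
	sub = dbl(sub)        // K1, used when the last block is complete
	buf := append([]byte{}, msg...)
	if len(buf) == 0 || len(buf)%16 != 0 { // otherwise pad with 0x80 00... and use K2
		buf = append(buf, 0x80)
		buf = append(buf, make([]byte, (16-len(buf)%16)%16)...)
		sub = dbl(sub)
	}
	for i, b := range sub { // fold the subkey into the last block
		buf[len(buf)-16+i] ^= b
	}
	cipher.NewCBCEncrypter(blk, make([]byte, 16)).CryptBlocks(buf, buf)
	return buf[len(buf)-16:] // the tag is the final CBC block under a zero IV
}

func concat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }
func macEqual(a, b []byte) bool { return subtle.ConstantTimeCompare(a, b) == 1 }

func fresh() []byte { // 16 bytes from the operating system CSPRNG
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// AuthMsg carries an identifier, the sender's random number (if any) and a MAC.
type AuthMsg struct{ ID, Rand, MAC []byte }

type Server struct {
	id, key  []byte
	pending  []byte         // first random number of the request in progress
	failures map[string]int // failed attempts per device identifier
}

// Challenge is S301: answer the first authentication request with a fresh random number.
func (s *Server) Challenge() []byte { s.pending = fresh(); return s.pending }

// Verify is S401-S402, then S303: compare S with S', then return ID2 and S1.
func (s *Server) Verify(m AuthMsg) (AuthMsg, error) {
	rnd := s.pending
	s.pending = nil // each random number is accepted for one attempt only
	if rnd == nil || !macEqual(aesCMAC(s.key, concat(m.ID, rnd)), m.MAC) {
		if s.failures[string(m.ID)]++; s.failures[string(m.ID)] > maxFailures {
			return AuthMsg{}, errIllegal
		}
		return AuthMsg{}, errAlarm
	}
	return AuthMsg{ID: s.id, MAC: aesCMAC(s.key, concat(s.id, m.Rand))}, nil
}

// Device side. deviceRespond is S302; deviceAccept gates the long connection request of S304.
func deviceRespond(id, key, rnd []byte) AuthMsg {
	return AuthMsg{ID: id, Rand: fresh(), MAC: aesCMAC(key, concat(id, rnd))}
}
func deviceAccept(key, rand1 []byte, reply AuthMsg) bool {
	return macEqual(aesCMAC(key, concat(reply.ID, rand1)), reply.MAC)
}

func main() {
	k := []byte("constructed-key!") // constructed 16-byte key shared by both sides
	s := &Server{id: []byte("ID2"), key: k, failures: map[string]int{}}
	msg := deviceRespond([]byte("ID1"), k, s.Challenge())
	reply, err := s.Verify(msg)
	fmt.Println("device accepted:", err == nil, "server accepted:", deviceAccept(k, msg.Rand, reply))
	s.Challenge() // a later request gets a new random number
	_, err = s.Verify(msg)
	fmt.Println("replayed authentication message:", err)
}
```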
As shown in fig. 6, in a possible embodiment, in a case where the server is a central gateway and the vehicle-mounted device is a Tbox, the vehicle-mounted device authentication method provided in the embodiment of the present application may further include the following S701-S704.
S701, the Tbox initiates a Diagnostic communication over Internet Protocol (DoIP) session request to the central gateway. Accordingly, the central gateway receives the DoIP session request.
S702, the central gateway and the Tbox perform bidirectional authentication.
As a possible implementation manner, the central gateway and the Tbox can perform bidirectional authentication through a certificate authentication manner.
The certificate-based authentication mode is based on the TLS protocol, and TLS comprises a record layer and a transport layer. The record layer protocol determines the encapsulation format of the transport layer data. The transport layer security protocol uses X.509 certificates for authentication.
For example, the central gateway and Tbox may mutually authenticate each other using an asymmetric encryption algorithm, after which the symmetric key is exchanged as a session key.
As yet another possible implementation manner, the central gateway and the Tbox may perform mutual authentication through a symmetric key authentication manner.
The specific steps of the mutual authentication may refer to the descriptions of S301-S304, and will not be repeated.
It can be understood that the data exchanged between the central gateway and the Tbox are encrypted through the session key, so that the communication data between the central gateway and the Tbox are prevented from being intercepted by a third party, and the confidentiality and reliability of the communication between the central gateway and the Tbox are ensured.
S703, if the Tbox determines that the central gateway authentication passes, sending a first DoIP message to the central gateway.
As a possible implementation, the Tbox may maintain the TLS long link on the authentication port and send the first DoIP message to the central gateway through the TLS long link.
It should be noted that, the Tbox may maintain the TLS long link on the authentication port by periodically sending a connection maintenance message.
S704, the central gateway receives the first DoIP message and sends a second DoIP message to the Tbox under the condition that the Tbox authentication is confirmed to pass.
As a possible implementation, the central gateway may receive the first DoIP packet through the TLS long link by opening a virtual local area network (Virtual Local Area Network, VLAN) where the DoIP is located and maintaining the TLS long link on the authentication port.
It should be noted that the central gateway may disable the VLAN in which the DoIP is located before determining that the Tbox is authenticated.
In practical applications, the driving domain and the intra-domain controller perform bidirectional identity authentication based on the symmetric key. Authentication is initiated after the device is powered on and able to communicate normally; the processing layer of the driving domain controller initiates it after receiving a message, and the message can be forwarded to the corresponding automatic driving application after the authentication passes. If the authentication does not pass, the message is not forwarded to the automatic driving application, and the corresponding automatic driving function is limited.
The various schemes in the embodiments of the present application may be combined on the premise of no contradiction.
The embodiment of the present application may divide the function modules or the function units of the vehicle-mounted device authentication apparatus or the server according to the above method example, for example, each function module or each function unit may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated modules may be implemented in hardware, or in software functional modules or functional units. The division of the modules or units in the embodiments of the present application is merely a logic function division, and other division manners may be implemented in practice.
In the case of dividing the respective functional modules by the respective functions, fig. 7 shows a schematic configuration of an in-vehicle apparatus authentication device 800, which may be a server or a chip applied to the server, and which may be used to perform the functions of the server in the above-described embodiments. The in-vehicle apparatus authentication device 800 shown in fig. 7 may include: a transmitting unit 801, a receiving unit 802, and a processing unit 803; the transmitting unit 801 is configured to transmit a first random number to the vehicle-mounted device when receiving a first authentication request message transmitted by the vehicle-mounted device; the first authentication request message is used for requesting the server to authenticate the vehicle-mounted device; the receiving unit 802 is configured to receive an authentication message sent by the vehicle-mounted device; the authentication message comprises a vehicle-mounted device identifier, a second random number and a first message authentication code, wherein the first message authentication code is obtained by the vehicle-mounted device processing the vehicle-mounted device identifier and the first random number with a preset algorithm; the processing unit 803 is configured to process the server identifier and the second random number with the preset algorithm to obtain a second message authentication code when it is determined that the vehicle-mounted device passes authentication; the transmitting unit 801 is further configured to send a second authentication request message to the vehicle-mounted device, where the second authentication request message includes the second message authentication code and the server identifier; the second authentication request message is used for requesting the vehicle-mounted device to authenticate the server; the processing unit 803 is further configured to receive the long connection request sent by the vehicle-mounted device, where the long connection request is sent by the vehicle-mounted device in the case where the server passes authentication, and the long connection request is used to request to establish a long connection with the server.
Further, the apparatus further comprises a determining unit 804; the processing unit 803 is further configured to process the vehicle-mounted device identifier and the first random number by using a preset algorithm, so as to obtain a third message authentication code; a determining unit 804 configured to determine that the vehicle-mounted device passes authentication in the case where the first message authentication code and the third message authentication code are the same.
Further, the processing unit 803 is further configured to disconnect the long connection if no transmission message is received through the long connection within a preset duration after the long connection request sent by the vehicle-mounted device is received.
Further, the sending unit 801 is further configured to send an alarm message to the vehicle device when it is determined that the vehicle device authentication is not passed, where the alarm message is used to instruct the vehicle device to perform authentication again.
Embodiments of the present application also provide a computer-readable storage medium. All or part of the flow in the above method embodiments may be implemented by a computer program to instruct related hardware, where the program may be stored in the above computer readable storage medium, and when the program is executed, the program may include the flow in the above method embodiments. The computer-readable storage medium may be an internal storage unit of the in-vehicle apparatus authentication device or the server (including the data transmitting end and/or the data receiving end) of any of the foregoing embodiments, for example, a hard disk or a memory of the in-vehicle apparatus authentication device. The computer-readable storage medium may be an external storage device of the vehicle-mounted device authentication apparatus, such as a plug-in hard disk (SMC) provided in the vehicle-mounted device authentication apparatus, a Secure Digital (SD) card, a flash card, or the like. Further, the above-described computer-readable storage medium may further include both the internal storage unit and the external storage device of the above-described in-vehicle device authentication apparatus. The computer-readable storage medium is used for storing the computer program and other programs and data required for the in-vehicle apparatus authentication device. The above-described computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
The embodiment of the application also provides a vehicle, which comprises the vehicle-mounted equipment authentication system, the server or the vehicle-mounted equipment authentication device related to the embodiment of the method.
It should be noted that the terms "first" and "second" and the like in the description, claims and drawings of the present application are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.
It should be understood that, in the present application, "at least one (item)" means one or more, "a plurality" means two or more, and "at least two (items)" means two, or three or more. "And/or" describes an association relationship between associated objects and indicates that three kinds of relationships may exist; for example, "A and/or B" may mean: only A is present, only B is present, or both A and B are present, where A and B may be singular or plural. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship. "At least one of" or a similar expression means any combination of these items, including any combination of single item(s) or plural items. For example, at least one (item) of a, b or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b, c may be single or plural.
From the foregoing description of the embodiments, it will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of functional modules is illustrated, and in practical application, the above-described functional allocation may be implemented by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to implement all or part of the functions described above.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another apparatus, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and the parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application may be essentially or a part contributing to the prior art or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a device (may be a single-chip microcomputer, a chip or the like) or a processor (processor) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk, etc.
The foregoing is merely a specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered in the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A vehicle-mounted device authentication method, characterized by being applied to a server, the method comprising:
transmitting a first random number to the vehicle-mounted device when receiving a first authentication request message transmitted by the vehicle-mounted device; the first authentication request message is used for requesting the server to authenticate the vehicle-mounted equipment;
receiving an authentication message sent by the vehicle-mounted equipment; the authentication message comprises a vehicle-mounted device identifier, a second random number and a first message authentication code, wherein the first message authentication code is obtained by processing the vehicle-mounted device identifier and the first random number by the vehicle-mounted device through a preset algorithm;
processing the server identification and the second random number by utilizing the preset algorithm under the condition that the vehicle-mounted equipment passes authentication, obtaining a second message authentication code, and sending a second authentication request message to the vehicle-mounted equipment, wherein the second authentication request message comprises the second message authentication code and the server identification; the second authentication request message is used for requesting the vehicle-mounted equipment to authenticate the server;
and receiving a long connection request sent by the vehicle-mounted equipment, wherein the long connection request is transmitted by the server under the condition that authentication is passed, and the long connection request is used for requesting to establish a long connection with the server.
2. The method according to claim 1, wherein the method further comprises:
processing the vehicle-mounted equipment identifier and the first random number by using the preset algorithm to obtain a third message authentication code;
and if the first message authentication code is the same as the third message authentication code, determining that the vehicle-mounted equipment passes authentication.
3. The method according to claim 1, wherein the method further comprises:
and within a preset time length after a long connection request is sent by the vehicle-mounted equipment, if a transmission message is not received through the long connection, the long connection is disconnected.
4. A method according to any one of claims 1-3, characterized in that the method further comprises:
and sending an alarm message to the vehicle-mounted equipment under the condition that the vehicle-mounted equipment is determined to not pass the authentication, wherein the alarm message is used for indicating the vehicle-mounted equipment to perform authentication again.
5. An in-vehicle apparatus authentication device, characterized by being applied to a server, the device comprising: the device comprises a sending unit, a receiving unit and a processing unit;
the sending unit is used for sending a first random number to the vehicle-mounted equipment when receiving a first authentication request message sent by the vehicle-mounted equipment; the first authentication request message is used for requesting the server to authenticate the vehicle-mounted equipment;
the receiving unit is used for receiving the authentication message sent by the vehicle-mounted equipment; the authentication message comprises a vehicle-mounted device identifier, a second random number and a first message authentication code, wherein the first message authentication code is obtained by processing the vehicle-mounted device identifier and the first random number by the vehicle-mounted device through a preset algorithm;
the processing unit is used for processing the server identifier and the second random number by utilizing the preset algorithm under the condition that the vehicle-mounted equipment passes authentication, so as to obtain a second message authentication code;
the sending unit is further configured to send a second authentication request message to the vehicle-mounted device, where the second authentication request message includes the second message authentication code and the server identifier; the second authentication request message is used for requesting the vehicle-mounted equipment to authenticate the server;
the processing unit is further configured to receive a long connection request sent by the vehicle-mounted device, where the long connection request is sent by the server when authentication passes, and the long connection request is used for requesting to establish a long connection with the server.
6. The apparatus according to claim 5, further comprising a determination unit;
the processing unit is further configured to process the vehicle-mounted device identifier and the first random number by using the preset algorithm to obtain a third message authentication code;
the determining unit is configured to determine that the vehicle-mounted device passes authentication when the first message authentication code and the third message authentication code are the same.
7. The apparatus of claim 5, wherein the processing unit is further configured to:
and within a preset time length after a long connection request is sent by the vehicle-mounted equipment, if a transmission message is not received through the long connection, the long connection is disconnected.
8. The apparatus according to any of claims 5-7, wherein the sending unit is further configured to:
and sending an alarm message to the vehicle-mounted equipment under the condition that the vehicle-mounted equipment is determined to not pass the authentication, wherein the alarm message is used for indicating the vehicle-mounted equipment to perform authentication again.
9. An in-vehicle apparatus authentication system, characterized in that the in-vehicle apparatus authentication system includes a server for executing the method according to any one of claims 1 to 4.
10. An in-vehicle apparatus authentication device, characterized by comprising: a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the method of any one of claims 1 to 4.
11. A vehicle comprising the in-vehicle apparatus authentication system according to claim 9.
12. A computer readable storage medium, characterized in that, when computer-executable instructions stored in the computer readable storage medium are executed by a processor of an electronic device, the electronic device is capable of performing the method of any one of claims 1 to 4.
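The exchange in claims 1, 2 and 4, run end to end as an added example that is not code from the patent. It assumes the "preset algorithm" is HMAC-SHA256 under a pre-shared key; the key, identifiers, message field names and class names are constructed for illustration, and the single-use handling of the first random number is an added hardening step the claims do not state.

```python
import hashlib
import hmac
import secrets

# Assumptions (not from the patent): HMAC-SHA256 as the "preset algorithm",
# a pre-shared key, and constructed sample identifiers.
PSK = bytes.fromhex("00112233445566778899aabbccddeeff")
SERVER_ID = b"server-01"
DEVICE_ID = b"tbox-constructed-0001"

def mac(key, identity, nonce):
    # Length-prefix the identity so (identity, nonce) boundaries are unambiguous.
    msg = len(identity).to_bytes(2, "big") + identity + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

class Server:
    def __init__(self, key):
        self.key, self.pending = key, None
    def on_auth_request(self):
        self.pending = secrets.token_bytes(16)      # first random number
        return self.pending
    def on_auth_message(self, device_id, n2, mac1):
        n1, self.pending = self.pending, None       # single use: a replayed message fails
        mac3 = mac(self.key, device_id, n1) if n1 else b""   # third MAC (claim 2)
        if not hmac.compare_digest(mac1, mac3):     # constant-time comparison
            return {"type": "alarm"}                # claim 4: device must re-authenticate
        return {"type": "auth_request_2", "server_id": SERVER_ID,
                "mac2": mac(self.key, SERVER_ID, n2)}

class Device:
    def __init__(self, key):
        self.key, self.n2 = key, None
    def build_auth_message(self, n1):
        self.n2 = secrets.token_bytes(16)           # second random number
        return DEVICE_ID, self.n2, mac(self.key, DEVICE_ID, n1)
    def on_server_reply(self, reply):
        if reply["type"] != "auth_request_2":
            return None
        expected = mac(self.key, reply["server_id"], self.n2)
        if hmac.compare_digest(reply["mac2"], expected):
            return {"type": "long_connection_request"}
        return None                                 # server not authenticated

def run_handshake(device_key, server_key=PSK):
    server, device = Server(server_key), Device(device_key)
    msg = device.build_auth_message(server.on_auth_request())
    reply = server.on_auth_message(*msg)
    return reply["type"], device.on_server_reply(reply), (server, msg)
```

Because each side's code covers its own identifier and the peer's fresh random number, a captured authentication message is useless once the server has discarded the random number it was bound to.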

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310412087.2A CN116506166A (en) 2023-04-17 2023-04-17 Vehicle-mounted equipment authentication method, device, system, vehicle and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310412087.2A CN116506166A (en) 2023-04-17 2023-04-17 Vehicle-mounted equipment authentication method, device, system, vehicle and readable storage medium

Publications (1)

Publication Number Publication Date
CN116506166A true CN116506166A (en) 2023-07-28

Family

ID=87319501

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310412087.2A Pending CN116506166A (en) 2023-04-17 2023-04-17 Vehicle-mounted equipment authentication method, device, system, vehicle and readable storage medium

Country Status (1)

Country Link
CN (1) CN116506166A (en)

Similar Documents

Publication Publication Date Title
US11755713B2 (en) System and method for controlling access to an in-vehicle communication network
US11134064B2 (en) Network guard unit for industrial embedded system and guard method
US20160173530A1 (en) Vehicle-Mounted Network System
CN106664311B (en) Supporting differentiated secure communications between heterogeneous electronic devices
WO2021093334A1 (en) Vehicle upgrade packet processing method and apparatus
Groza et al. LiBrA-CAN: Lightweight broadcast authentication for controller area networks
Fassak et al. A secure protocol for session keys establishment between ECUs in the CAN bus
EP3646536B1 (en) System and method for managing secure communications between modules in a controller area network
CN111049803A (en) Data encryption and platform security access method based on vehicle-mounted CAN bus communication system
CN112235235A (en) SDP authentication protocol implementation method based on state cryptographic algorithm
EP3893462A1 (en) Message transmission method and apparatus
KR20130083619A (en) Data certification and acquisition method for vehicle
King Investigating and securing communications in the Controller Area Network (CAN)
CN113938304B (en) CAN bus-based data encryption transmission method
Bella et al. CINNAMON: A module for AUTOSAR secure onboard communication
CN111164933A (en) Method for ensuring communication safety without state management
CN114827150A (en) Internet of things terminal data uplink adaptation method, system and storage medium
Bruton Securing can bus communication: An analysis of cryptographic approaches
CN107040508B (en) Device and method for adapting authorization information of terminal device
CN113448299A (en) Vehicle gateway controller, information processing method and vehicle
US11570179B2 (en) Secure transfer using media access control security (MACsec) key agreement (MKA)
CN114422208A (en) Vehicle safety communication method, device, microprocessor and storage medium
Lauser et al. Formal Security Analysis of Vehicle Diagnostic Protocols
CN116506166A (en) Vehicle-mounted equipment authentication method, device, system, vehicle and readable storage medium
CN109088731B (en) Internet of things cloud communication method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination